(generated by Samson)
We've been quietly (loudly) running a Red Team audit against the testnet for the past few days, and — surprise — they found some stuff. The good news is all 6 threat categories have been addressed in this release.
This is a coordinated upgrade. TLS means old nodes can't connect to new ones. Run the upgrade below or you'll be mining in the dark.
---
What's New
🔒 P2P is now encrypted. Full stop.
All peer-to-peer traffic runs over TLS v1.2 now. On first startup, your node auto-generates a self-signed RSA-2048 certificate — takes about half a second, you'll see `🔐 Generating self-signed TLS certificate...`. After that, every block, transaction, and gossip message is encrypted on the wire.
If an old node tries to connect to you, they'll get a message in their terminal telling them to upgrade. If you run into an old node, same deal — clear instructions, no silent failure.
No new flags, no config changes. Your `--mine` command stays the same.
🔐 Wallet keys are now encrypted at rest
Your private key PEM files are now encrypted with AES-128-CBC + HMAC-SHA256 using a passphrase. How it works:
Wallet create — prompts for a passphrase (optional, press Enter for unencrypted backward compat)
Wallet load/balance/history/tx — prompts for passphrase if file is encrypted
Existing unencrypted PEMs still load fine. No breakage.
Passphrase is derived through PBKDF2 at 480,000 iterations — not breaking that in your lifetime.
🕐 Clock drift is now checked at startup
Your node does a raw NTP query to pool.ntp.org at boot. If your system clock is more than 30 seconds off, you get a warning. More than 2 hours off? Your blocks get rejected by the network. Fix your clock.
⏱️ Block timestamp validation
The network now rejects blocks with impossible timestamps:
Blocks >2 hours in the future? Out.
Blocks before the previous block? Chronology exists for a reason.
Blocks >24 hours behind the previous block? That's not a valid fork, that's a relic.
🛑 Rate limiting per peer
Each P2P peer gets 10 messages/second max via a sliding window tracker. Exceed it and you're banned for 24 hours. Complements the existing connection caps (500 inbound, 10 outbound) and 20MB payload limit for defense-in-depth.
📊 Miner health metrics
After each mined block, you'll see a health summary:
```
💎 Block 16103 Mined Successfully by YOU (abc12345)!
-> Block Time: 134s (avg(last 100): 145s | median: 122s | target: 150s)
-> TX Count: 1 | Mempool: 0 pending
-> Peers: 3 connected | Chain: 16103 blocks
```
Real-time feedback on how the network is performing relative to the 150s target.
⏱️ Faster startup
Replaced the blind 5-second startup pause with an active wait (checks every 100ms). Your node starts up to 5 seconds faster.
🐛 Wallet port mismatch fixed
If you ever ran `wallet create --port 8000` then `node --mine` and saw a zero balance — that was because the wallet default was the API port (8000) but the miner looks for `wallet_8001.pem`. They disagreed. Fixed: wallet defaults to the P2P port now, so they match out of the box.
---
Upgrade Instructions
```bash
cd cognition-node
git pull
pip install -r requirements.txt
# Then restart:
python core_node.py node --mine
```
New dependency this release: `cryptography>=41.0.0` — handles wallet encryption and cert generation.
New files after upgrade: A `certs/` directory with your self-signed TLS cert. It's auto-generated and gitignored. Don't touch it.
---
Full Red Team Closure
Finding Status
🔴 Insecure key storage ✅ PBKDF2 + Fernet wallet encryption
🟡 Timing/brittle sleeps ✅ Event-driven init + timestamp validation
🔴 P2P eavesdropping ✅ TLS v1.2 encryption
🟡 Timestamp manipulation ✅ NTP clock check + block validation
🟢 Blockchain data at rest ⏸ Deferred (testnet data is public)
🟡 Resource exhaustion/DoS ✅ Rate limiting + connection caps
---
That's it. Git pull, pip install, restart. No chain reset needed — your `blockchain.json` stays put.
Questions, complaints, or want to tell me this broke something? Drop it here.